Help with creating an internal executor
Posted
I can't get the Task Scheduler since the function itself (getTaskScheduler with UPDATED offsets) crashes?
// Function-pointer type for the engine's TaskScheduler getter (no arguments, returns a pointer-sized value)
typedef uintptr_t(__cdecl* rbx_gettaskscheduler)();
// Absolute address = module base + RVA taken from the offsets namespace
uint64_t getTaskSchedulerAddress = startAddress + offsets::getTaskScheduler;
rbx_gettaskscheduler getTaskScheduler = reinterpret_cast<rbx_gettaskscheduler>(getTaskSchedulerAddress);
// the offset value used above (offsets::getTaskScheduler)
inline uintptr_t getTaskScheduler = 0x2d91d65;
like why?
#include <string>

// Walks the scheduler's job vector (begin/end pointers at +0x198 / +0x1a0)
// and returns the job whose name string at +0x90 matches job_name, or 0 if none.
uintptr_t get_job(const char* job_name) noexcept {
    auto scheduler = getTaskScheduler();
    auto jobs_start = *reinterpret_cast<uintptr_t*>(scheduler + 0x198);    // vector begin
    const auto jobs_end = *reinterpret_cast<uintptr_t*>(scheduler + 0x1a0); // vector end
    auto result = uintptr_t();
    for (; jobs_start < jobs_end; jobs_start += 8u) {                       // one pointer per slot
        const auto job = *reinterpret_cast<uintptr_t*>(jobs_start);
        r_print(0, std::to_string(job).c_str());
        if (*reinterpret_cast<std::string*>(job + 0x90) == job_name)
            result = job;
    }
    return result;
}
I mean, it just crashes.
I need some help since all of the people that could've helped are retarded and they won't help me.
Replied
Whatever "updated" offsets you have probably aren't valid. The crash is likely an access violation. You'll need to reconstruct the scheduler manually to get the correct offsets.
A good place to start is to learn how to reverse engineer. You won't get far without that. You can simply use a tool like ReClass.NET to reconstruct the class from scratch using hints from RTTI, then you'll be able to find out why you're crashing.
Additionally, Roblox uses many methods to protect its internal integrity, so there may be a chance that it's detecting something.
Used to be involved with game hacking, now I'm involved in cybersecurity. https://reversed.coffee/blog
Replied
Thanks, I'm starting to learn more reverse engineering (in C++) from Roblox.
Then I'll have to get the offsets myself, using IDA Pro and dumpers for exes.
Added
For someone who wants to help:
I have got a new error (crash). My decrypt state function just crashes.
v37 = sub_D35D80(v36 + 0x118, &v301, &v312); //GLOBAL STATE
v38 = sub_AEEE8F0(v37 + 0x88); //DECRYPT STATE
As you can see, I think I have valid offsets and everything.
But this code (decrypt state) errors.
#include <cstdint>
#include <format>
#include <string>

const uint32_t identity = 0;
const uintptr_t script = 0;
/*
Decompiler reference (rebased, so the sub_ addresses differ from the earlier paste):
v37 = sub_1135D80(v36 + 0x118, &v301, &v312); GLOBAL STATE
v38 = sub_EEE8F0(v37 + 0x88); DECRYPT STATE
*/
// scriptContext + 0x118 mirrors v36 + 0x118 above
uintptr_t state = getGlobalState(scriptContext + 0x118, &identity, &script);
r_print(1, std::format("Global state: {:#x}", state).c_str());
// state + 0x88 mirrors v37 + 0x88; this is the call that crashes
lua_State* rL = decryptState(state + 0x88);
r_print(1, std::format("Lua state: {:#x}", reinterpret_cast<uintptr_t>(rL)).c_str());
(Offsets are shifted since I rebased it; I have them normal.)
I'd like to have some help on that.
Replied
Could you try 0x2D91830?
Replied
Thank you so much for the help.
Comments
RealNickk 10 Reputation
Commented
Yup, no problem. I would advise against using "address dumper" tools that give you offsets to functions and static pointers because they tend to provide inaccurate information and if they break, you won't know enough internal information about the game to find the correct offsets.
Definitely look into tools like Scylla, PETools, and ReClass.NET. You could also suspend the game and dump the process memory using Process Hacker, then open the memory dump in Cheat Engine for an uninterrupted (but static) reverse engineering experience, although I don't know whether virtual addresses will be retained properly or not, which will be required for pointer reference scanning.
boui 0 Reputation
Commented
Bad thing that PETools, my beloved, doesn't work (the GitHub version) with x64.
I think I have some community-built dumpers so I can get Roblox dumped and check it around. Thanks for giving me plenty more dumpers and information.